You are here

Hugely Popular Android Apps Exposed As Scam

Six very opular Android apps have been exposed as scams to defraud advertisers. The scam also drained batteries and sucked up mobile data on the handsets.

The six apps are AIO Flashlight, Omni Cleaner, RAM Master, Selfie Camera, Smart Cooler and Total Cleaner. All were in the official Google Play store but have been removed since their real purpose came to life.

The revelation came after three security companies
- Check Point, ESET and Method Media Intelligence - worked with news site Buzzfeed to investigate risky apps. They concentrated on apps which were widely used and required permissions that were either excessive or potentially risky given their stated purpose. (Source: buzzfeed.com

Apps Make Bogus Ad 'Clicks'

In each case, the app carried
out its stated purpose, which was usually something to do with basic
functionality on the phone. They were extremely popular, with Google stats
showing all but one had been downloaded at least 10 million times, and with Selfie Camera having more than 50,000 downloads. They also had high user ratings, though this may have been manipulated.

The problem was what else the apps did. They were designed to simulate clicks on online ads, doing so in a way that meant the ad and the pages it linked to were "hidden" in the background so that the activity wasn't visible to the user. The apps also interjected fake data to claim credit when users downloaded other apps.

In both cases, the goal was to defraud advertisers through pay-per-click advertising and through a commission scheme for encouraging users to download apps.

Users also paid a price, however. The background activity decreased battery life while heating up the phone and affecting performance. The hidden ad clicks, along with sending data back to the scammers and receiving instructions, all used Internet connections. Whenever the phone wasn't connected to WiFi, that meant depleting mobile data allowances.

Chinese Makers Disguise Source

What made these scams particularly notable was the lengths the scammers went to hide their identity. They disguised the fact that the apps were owned by Chinese company DO Global.

The main message for users is that appearing in Google Play store isn't a guarantee an app is safe, despite the store's "official" status. The key is to look at the list of requested permissions
- which allow an app to access a particular resource on the phone - and be wary of anything that doesn't seem relevant or necessary for the app's supposed purpose. (Source: techspot.com)

What's Your Opinion?

Have you ever noticed a sudden rise in handset temperature and data use or a decrease in battery life after installing an app? Do you pay attention to permission requests on Android apps? Should Google better vet apps even if that means less choice available to users?

Comments

I knew these apps were dubious when my wife had one of them installed on her phone. She doesn't know how it got there (most likely because it was bundled with some other junk app) - plus it was incredibly difficult to figure out what the name of the app was so I could remove it. I am always dubious of any software made in China because of the many stories I've read about state-sponsored hacking. I also know for a fact that my web server is being attacked by bots in China and Russia 24/7 (which is also being blocked). Caveat emptor!